Norway


- 1519565080 bpthumb - Multiple Adobe Acrobat Reader DC Vulnerabilities

Discovered by Aleksandar Nikolic of Cisco Talos

Overview

Today, Talos is releasing details of a new within Reader . Adobe Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and integrates into browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious page or sending a specially crafted email attachment can be enough to trigger this vulnerability.

A specific Javascript script embedded in a PDF file can cause the document ID field to be used in an unbounded copy operation leading to stack-based buffer overflow when opening a specially crafted PDF document in Adobe Acrobat Reader DC 2018.009.2004. This stack overflow can lead to return address overwrite which can result in arbitrary execution. In order to trigger this vulnerability, the victim would need to open the malicious file or access a malicious web page.

Read More >>



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here